Is Cloud Storage Secure and Private?

Category: Cloud

Are you using cloud services like file storage, online backup, webmail and document sharing? Most people don't know much about the safety and security of cloud computing. The parade of high-profile data breaches in the past year has some people worried about the security of cloud services. Are your files and sensitive data safe and secure in the cloud, or are they vulnerable to hackers, snoopers and other threats? Here's the scoop on cloud storage security...

Is Your Head in The Clouds?

Cloud computing – storing data and using application software "out there" in the cloud of Internet servers – is becoming more and more common. See my related article Free Cloud Storage Services for some examples of popular cloud services. But are they safe? Can you trust some company on the other side of the wire with your business or personal data? Can you depend on software that isn't on your computer to be available when you need it? What are the risks of cloud computing, and how can you mitigate them?

The first risk you run is being cut off from your computing resources by some breakdown in communication between you and them. But that's rather unlikely, really. The Internet was designed to route data around broken communication lines, crashed routers, and other obstacles. Unless you live in a country with a totalitarian form of government, the Internet tends to be self-healing, unlike your desktop computer. So before fuming at your cloud storage provider for going down a whole five minutes, estimate how long it would take you to obtain and install a new hard drive, then restore everything from your local backup. Half a day, at least?

Cloud Storage

Oh, and you DO have a local backup, right? If not, see How I Got Hacked... And Why You MUST Have a Backup! for a cautionary tale, and more about options for backing up your important files.

Risks of Cloud Storage

Data theft is a second and more serious risk of cloud computing. It's not that cloud-computing providers are sloppy about security. They're more conscientious about it than many large enterprises and most small users. But the bigger the castle, the more barbarians there are at the gates. As more companies deposit their top-secret data in cloud-computing providers' castles, more hackers turn their efforts to breaching those high walls. It's a never-ending battle, but fundamentally no different from you versus a lone hacker -- and most home users are no match for a skilled hacker.

To those who say "I would NEVER put my files out there on some cloud server... they're much safer on my hard drive," I say the following: Does your home have gated perimeter access, 24x7 on-site security guards, and security cameras? Do you have a fire detection and suppression system, backup power generators, and a disaster recovery plan in the event of hurricane, flood or earthquake? Do you have sophisticated network monitoring and intrusion detection software? You can bet your cloud storage provider has all that
and more in place to safeguard your data.

Google's Cloud Security FAQ, for example, goes into detail about how your data is protected: "Our data centers are built with custom-designed servers, running our own operating system for security and performance. Google’s 700+ security engineers, including some of the world’s foremost experts, work around the clock to spot threats early and respond quickly. We get better as we learn from each incident, and even incentivize the security research community, with which we actively engage, to expose our systems’ vulnerabilities... we undergo several independent third-party audits on a regular basis. For each one, an independent auditor examines our data centers, infrastructure, and operations."

Government monitoring and seizure of data is a third issue with cloud computing. The European Union has strict, high standards of privacy protecting citizens against government intrusion into their personal business. Not so in the United States, where the law gives government agents enormous latitude to spy upon and seize personal data, if they can get their hands on it. Did you know that the Electronics Communication Privacy Act passed in 1986 allows law enforcement to access emails stored in the cloud for more than 180 days without a warrant?

Another important consideration is death. What happens to your information stored online in the event that you're no longer around? Everyone should have a plan to pass along important login/password credentials in the event they die. In addition to cloud storage, make sure you think about your webmail, online banking and social media accounts. See my related article You Can't Take it With You (Digital Estate Planning).

And it's always possible that your cloud-computing provider will go out of business. But in the event that a popular, reputable cloud storage provider was planning to shut down their service, they whould provide ample notice and opportunity for customers to retrieve their data. In the unlikely event that a cloud provider suddenly goes dark, what happens to your data in that case? My advice is to keep local backups, or use a second cloud-computing provider for redundancy.

What About Encryption?

Popular cloud storage services like Microsoft Onedrive and Google Drive will encrypt files as they travel between your computer and the cloud servers. So you don't have to worry about some hacker or wifi sniffer peeking inside your spreadsheet as it zips along the information highway. Your files are protected by strong physical security measures, but they're not encrypted while they're stored on the Microsoft or Google servers in the cloud. There are good reasons for that, however. If the files were encrypted in the cloud, you couldn't easily view them over a web interface, share them with other users or do collaborative online editing. (Boxcryptor is a third-party add-on that works with Google Drive, Microsoft OneDrive, and other cloud providers to provide "at-rest" encryption for your files in cloud storage.)

If you want to handle the encryption on your own, my article Encrypt Your Hard Drive discusses TrueCrypt and some other options for encrypting your files. This can work well if you want to use a cloud storage option that doesn't offer encryption. See Ten Free Cloud Backup Services to learn how to access over a terabyte of free online storage.

Dropbox does take the extra step of encrypting user files with SSL (Secure Sockets Layer) and AES-256 bit encryption, once they've been stashed on the cloud server. That gives you the assurance that if Evil Hackers were able to break into Dropbox, they wouldn't be able to read your scrambled files. But the caveat is that Dropbox itself has the decryption keys needed to unscramble the files. This quote from the Dropbox security FAQ explains why:

"We do have a small number of employees who must be able to access user data for the reasons stated in our privacy policy (e.g., when legally required to do so). But that's the rare exception, not the rule. We have strict policy and technical access controls that prohibit employee access. In addition, we employ a number of physical, technical, and heuristic security measures to protect user information from unauthorized access."

If you're uncomfortable about the lack of encryption for files in OneDrive or Google Drive's cloud storage, or you just don't trust the server-side encryption that services like Dropbox offer, you do have another option. With client-side encryption, you can encrypt the files BEFORE they leave your hard drive, and you control the decryption keys. Most cloud backup services such as Mozy, Carbonite and iDrive offer you the option to use a personal encryption key so that your files are encrypted before sending to the offsite cloud backup, and only you can decrypt them. VeraCrypt is a free, open-source, cross-platform encryption tool. Versions are available for Windows, Linux, and Mac OS X.

Cloud computing is definitely here to stay, and its benefits are compelling. You shouldn't avoid cloud storage services because of imagined or falsely inflated fears, but you should be ready to deal with the real risks.

Are you storing files in the cloud? Got comments or questions about cloud storage? Post your thoughts below...

 
Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 11 Jul 2019


For Fun: Buy Bob a Snickers.

Prev Article:
Geekly Update - 10 July 2019

The Top Twenty
Next Article:
Hey, It's My (digital) Birthday!

Most recent comments on "Is Cloud Storage Secure and Private?"

Posted by:

john
11 Jul 2019

Bob, What about Cryptomator? Makes any cloud service encrypted at rest. And it is FOSS.


Posted by:

Nezzar
11 Jul 2019

Thanks, Bob, for an informative article. I have my files in Onedrive, and have been happy with this service.
However, I also have everything on a USB drive and the computer's hard drive.


Posted by:

Paul Anderson
11 Jul 2019

What if you don't trust Google or Microsoft or any of the other providers. How about an external drive saved off-site?


Posted by:

John
11 Jul 2019

@paul That is what I do, I have two 3GB usb drives which are a mirror image of each other. I keep one at home and one off site. I can re-create my whole system with either drive. But I am intrigued by Cryptomator. I would probably use it if I ever did use cloud storage. You never have to worry about data being stolen as it is encrypted on your PC before being transferred to the cloud.


Posted by:

Pete
11 Jul 2019

I use Google Drive. For any important files, I’ve used 7-Zip to encrypt the file with a password at highest level encryption possible. However, I looked up the program Cryptomator mentioned earlier in comments & I really like what I see. A program with no signup or possible future fees & completely handled on my side. I do wonder about sharing files with it. In contrast, with 7-Zip, if I end up sharing the file, I send the person the password to open it. ( I just use a password that I don’t generally use on most personal things if I intend to share it. I don’t consider that many of my files to be high security so it is probably not a system for everyone of course. )

I don’t particularly like the idea of using cloud services with huge companies like Google but their service is so easy and integrated with things I use every day that I gave up trying to recreate the wheel or finding unique ways to “protect” my stuff. I don’t do anything illegal on purpose so if my information could potentially be shared with the government, hopefully they wouldn’t plant anything, but outside that, I don’t feel I have anything to hide. I get the philosophical reasoning and the downward momentum possibilities but I really don’t see it in reality. I was military so ‘they’ know me anyway. IMHO

Thanks for the article!


Posted by:

MmeMoxie
11 Jul 2019

Excellent article, Bob!!!


I personally do not use a Cloud Service. For my particular reason is that I basically have only a few items on my computer that I consider vitally important. Now for those vital files, I utilize my External Hard Drive as my back up. I have a 2 TB Hard Drive in my desktop. I have only used about one eighth of the whole drive, right now. Most of that used space is Causal PC Games.


However, I do believe in Cloud Services. I can see the complete practicality of those services for Home Offices, Small Business and large Corporate Businesses. I also agree that Cloud Services are better prepared with security measures than most businesses and too many home computers are.


You only have to work outside of home to know what can and does happen with security. I can't tell you of how many times I have had to "clean up" a computer do to it being infected with a virus or Trojan Horse or Worm or whatever, due to someone taking home a file on a Floppy Disk home and infecting their own home computer!


Yes, I know that Floppy Discs are basically no longer in much use these days, so the newest method is to use a USB Stick or Drive. The concept is still the same, bring home file and infect home computer. So, to me Cloud Services definitely saves one "bad" method of utilizing files from work to home ... Now, you can go home and simply access the file(s) you want to work on from a Cloud Service.


As for back-ups ... Cloud Services are probably better in the long run than even External Hard Drives. Why? Hard Drives "die" whether they are Internal or External. Once they are gone ... They are gone! It is very expensive to use a service that can extract files from a "dead" Hard Drive. So, using a Cloud Service can save you time, energy and money, in the end.


Posted by:

Stu
11 Jul 2019

Good summary. I have used Boxcryptor for several years...not based in the USA, so no pressures from US authorities if you have something to hide!! Boxcryptor also allows for local storage folders on your device, which is very handy
As for OneDrive formally SkyDrive...I have lost numerous data packages...Had better luck with Box.com.
Always have a couple of backups on external portable USB drives...using Boxcryptor!
Nothing to hide here...apart from the bad guys, whoever they are.


Posted by:

Tim
11 Jul 2019

I used Mozy for about a decade and was quite pleased with it's performance and granular control. Then Carbonite took over Mozy, and after about a year, magically installed Carbonite on machines running Mozy and eliminated Mozy. Very sad. I switched to a different provider because I was not happy with Carbonite. Carbonite is very intrusive on the computer, and difficult to manage the choice of what gets backed up. I took your suggestion and moved to iDrive.


Posted by:

Doc
11 Jul 2019

Bob,
RE: ". . . Do you have a fire detection and suppression system, backup power generators, and a disaster recovery plan in the event of hurricane, flood or earthquake?" (Dang! you forgot EMP's, and CBN conventional or non-convention weapons.)

VERY good question, kinda like a 'non-radioactive' Fukushima, Chernobyl, and Three Mile?* What could go wrong? All contingency plans were very well planned extremely well evaluated, and and enacted promptly to stop the flow of 'information' into the 'real' world.

I suspect that Puerto Rico also had hurricane recovery plans as well as FEMA -- kinda like Katrina, (et.al.). What could go wrong?

If YOUR personal information out on the web for every scammer and government on earth (probably the same circle according to Venn)doesn't scare you, please seek psychiatric attention immediately.

Though, on fixed income multiple back-ups can get pricey over time. BUT, I've recovered several times since my start with IBM 360's, by using a backup. The backup for a 360 were the punch cards and program flow charts you kept. THEN we got mag-tape. Then you needed back-ups.

Doc.

* My great uncle was a Nuclear (field, not academic) Engineer. HIS take on 3-mile was: "Well, that just proves how safe Nuclear Power is." THAT wasn't quite MY take, but I was not a Ph.D. Nuclear Engineer from Cal (UC-Bezerkeley) so I didn't even know enough to have an opinion, thoughts about, yes, but not enough knowledge for an opinion.

DON'T THINK YOU ARE INNOCENT. THE GOVERNMENT DOESN'T THINK YOU ARE. KEEP A BACK-UP EVEN IF IT'S TROUBLE. I buy indoor insurance from my phone company. That is your back-up. When my phone quit, (first 4 months) the tech told me without insurance it would have cost $425. That cost me $9.50 a month. Four more calls got the 50 year old wire re-done for "free". Then I changed phone companies.


Posted by:

IanG
11 Jul 2019

I have several reservations about cloud storage. The main one being the computer resources needed for constant uploading to the cloud. About 10 years ago I used Carbonite BUT my computer was never able to keep up and so was always uploading data. This used valuable processor power making everything else run slower.

Now we have fibre - except that I don't. To make it worth my while to use fibre I would need to pay at least an extra £15 per month to access the 2nd tier of speed. I simply cannot afford it, above what I already pay for DSL, phone line, mobile account etc.

I use 4 hard drives for daily/weekly backups plus odd USB memory sticks plus my smartphone SD card. I am very conscious of the need for backing up but some of us are constrained by a low income, to be able to take on any more monthly payments.


Posted by:

JJ
11 Jul 2019

We must face the issue of the integrity of the cloud storage provider.
For example, Google employees have blown the whistle on their company skewing search results to favor liberals, to do everything possible against President Trump and Republicans.
The RNC (Republican National Committee) and other Republican or conservative organizations would be beyond stupid to trust their stored data to Google.
Carefully vet any cloud storage service before you sign up. It involves much more than technical security.


Posted by:

RandiO
12 Jul 2019

At any point in time, any type of data can be made as secure and private as it needs to be.
Until it is not anymore and requires that it be made more secure and more private, again.
I used to store all of my secure/private data in my brain.
Then, I found out that I sleep-talk and my protocol was like putting all the eggs in any one single 'basket'.
"Hello, gDrive, 1Drive, DropBox! Please upgrade my data security/privacy to quantum encryption using 53 factorial qbit keys."
Rinse, flush and repeat. I presume the "backup power generator" must be for the rinse and flush cycles


Posted by:

Groman
12 Jul 2019

Do not use them do not trust them!!!

Them being Google Facebook Microsoft Amazon and the like.

1. If a person thinks those tech wizards can't unencrypt what you think is encrypted on their servers that person should re-think.

2. If a person thinks they will not keep copies for their own use to harvest data for example think again.

3. Those companies will do anything for money and you wouldn't even know they sold you out. They have lying down to an art form.

4. To Paraphrase Mark Zuckerberg "Anyone who would trust me (Facebook) with their personal information is an idiot". I believe he used the phrase Dumb F***S He is on record saying such.

An individual that is too lazy to back up his or her own data has too much usless data.


Posted by:

Abaham G.
14 Jul 2019

Groman - you are correct. You can NOT trust ANY of these companies. Why did Google delete their saying "Do no evil"? Because evil is what they are.


Posted by:

Buffet
16 Jul 2019

I truly feel that those cloud criminals would eagerly and readily turn off all your private 411 to the C.I.A., the F.B.I., or Interpol, at the drop of a hat!
Anyone, this side of an angel, who trusts a "cloud" with their precious data should have their head examined!!


Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy


Article information: AskBobRankin -- Is Cloud Storage Secure and Private? (Posted: 11 Jul 2019)
Source: https://askbobrankin.com/is_cloud_storage_secure_and_private.html
Copyright © 2005 - Bob Rankin - All Rights Reserved